Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we’re doubling down our efforts. We’re in search for a staff offensive security engineer who thinks like an attacker, executes organized red team attacks against Box and our partners with Security, Product, IT and Engineering teams and help support fixing the issues identified.
WHAT YOU’LL DO
Plan and lead red team exercise operations against the corporation for the purpose of training incident response teams
Plan and lead purple teaming exercises in collaboration with Incident response teams.
Network and host penetration testing.
Develop tools and maintain red team’s operational infrastructure.
Tracking and researching the latest attacks and how they might apply to our environments.
Document and present results to a variety of target audiences, ranging from highly technical engineers over to non-technical subject matter experts to senior leadership.
Develop the red team roadmap and drive the direction for the red team program as a whole
WHO YOU ARE
Formal education in information security, including undergraduate, graduate, or training certifications (OSCP, OSCE, SANS, etc)
5+ years of offensive security responsibilities
2+ years of non-consulting offensive security responsibilities
2+ years of experience in informations security, network security, systems security, IT or software engineering roles
Extensive offensive security knowledge and penetration testing experience in numerous areas including web applications, networks, and infrastructure (cloud and on-prem).
Experience performing reconnaissance, exploitation and privilege escalation aimed at compromising networks/applications/individuals.
Knowledge with common threat modeling approaches and enterprise attack surfaces.
Comfortable scripting, writing tools and malware to automate repeatable tasks.
Previous experience in leading or managing offensive security engagements (red team/ethical hacking).
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.